This Week in Cloud: Saudi Arabia, Muni, the Russian National Bank, and Zynga Are Victims

Hackers and cybercriminals are showing no signs of slowing down heading into the holidays. If anything, attacks are heating up. A few attacks struck high-profile government organizations around the world, from San Francisco to Russia to Saudi Arabia. Motives ranged from financial profit to geopolitical disputes. Read on for a collection of the latest cybersecurity news in This Week in Cloud.

Researchers observed a variant of a server-wiping virus in an attack on Saudi Arabian government computers. Suspected Iranian hackers targeted Saudi Arabia’s civilian aviation agency with a virus reminiscent of previous attacks in 2012. Meanwhile, San Francisco’s public transportation system, Muni, suffered a ransomware attack that temporarily disabled payment systems. Now, hackers are threatening to release sensitive information if Muni does not pay a ransom. Muni’s spokesperson claims no sensitive data was accessed. The motive is not clear; hackers claimed Muni was a random victim.

Earlier in the year, hackers stole over $80 million from Bangladesh’s central bank – an attack unprecedented in its scope and target. This week, reports surfaced of a similar theft at Russia’s central bank. While the Bangladesh bank attack allegedly involved support from insiders, the attack on Russia has reportedly been traced to an account compromised by a third party. The similarity: simple stolen passwords were the source of both attacks. If nothing else, the attack should serve as a lesson for all financial services organizations not to trust a single password without multi-factor authentication and behavioral analysis.

In the private sector, video game company Zynga has taken legal action against a former employee for stealing confidential corporate data before joining a competitor. The employee downloaded folders directly from a corporate Google Drive account. Zynga discovered the theft after the fact and had to use browser history to conduct an investigation. The insider episode should remind companies that traditional security products do not offer visibility and protection for activity in cloud applications, even when the applications are sanctioned by the company. There is no substitute for cloud-specific threat protection.

Much of the time, researchers are fortunate enough to discover browser vulnerabilities before they are exploited, but this was not the case with a security flaw that allowed attackers to deanonymize users of the privacy tool Tor. Many leading tech companies have relied on bug bounties to crowdsource the research of security vulnerabilities, and the practice has even spread to government agencies in the past year. Google released an update fixing 36 security vulnerabilities. The company paid out $70,000 in rewards to researchers.